waleedkadous / ansari-backend

Ansari is a helper for you to become a better Muslim

Implement Security Testing for v2 Before Production Release #25

Open abdullah-alnahas opened 3 months ago

abdullah-alnahas commented 3 months ago

I strongly believe that we need to prioritize security testing to ensure that the application is secure against potential vulnerabilities and attacks.

I don't have much knowledge about the topic; however, after having a few conversations with LLMs, I think tools such as OWASP ZAP could be used. These tools can help us identify and remediate security issues.

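Some specific areas that we should focus on include:

  • SQL injection testing
  • Cross-site scripting (XSS) testing
  • Cross-site request forgery (CSRF) testing
  • Authentication and authorization testing
  • Dependency vulnerability testing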

What do you think?

waleedkadous commented 3 months ago

I really have three questions:

On Wed, Mar 20, 2024 at 3:06 PM Abdullah Al Nahas @.***> wrote:

I strongly believe that we need to prioritize security testing to ensure that the application is secure against potential vulnerabilities and attacks.

I don't have much knowledge about the topic; however, after having a few conversations with LLMs, I think tools such as OWASP ZAP could be used. These tools can help us identify and remediate security issues.

Some specific areas that we should focus on include:

  • SQL injection testing
  • Cross-site scripting (XSS) testing
  • Cross-site request forgery (CSRF) testing
  • Authentication and authorization testing
  • Dependency vulnerability testing

What do you think?
